Summary: | ASTERISK-09321: [patch] strcasecmp in app_macro related to GOSUB returns a NULL causing a segfault. | ||
Reporter: | Brian West (bkw918) | Labels: | |
Date Opened: | 2007-04-26 11:54:36 | Date Closed: | 2007-05-08 17:40:14 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Applications/app_macro |
Versions: | | Frequency of Occurrence: | |
Related Issues: | |
Environment: | | Attachments: | (0) 20070427__bug9602.diff.txt (1) 20070504__bug9602.diff.txt |
Description: |
(gdb) bt
#0 0x00a037f9 in strcasecmp () from /lib/tls/libc.so.6
#1 0x00f6f470 in macro_exec (chan=0xb55c2698, data=0xb56bc070) at app_macro.c:311
#2 0x0808b3b0 in pbx_exec (c=0xb55c2698, app=0xa1433e8, data=0xb56bc070, newstack=1) at pbx.c:574
#3 0x0808f030 in pbx_extension_helper (c=0xb55c2698, con=0x0, context=0xb55c27e8 "macro-dial", exten=0xb55c28dc "s", priority=7, label=0x0, callerid=0xb55c3338 "6823653814", action=1) at pbx.c:1717
#4 0x080904bd in ast_spawn_extension (c=0xb55c2698, context=0xb55c27e8 "macro-dial", exten=0xb55c28dc "s", priority=7, callerid=0xb55c3338 "6823653814") at pbx.c:2250
#5 0x08090a0d in __ast_pbx_run (c=0xb55c2698) at pbx.c:2316
#6 0x08091905 in pbx_thread (data=0xb55c2698) at pbx.c:2537
#7 0x00b48371 in start_thread () from /lib/tls/libpthread.so.0
#8 0x00a60ffe in clone () from /lib/tls/libc.so.6
Comments: |

By: Brian West (bkw918) 2007-04-26 12:08:47
This patch still will allow the race condition to take place. The issue is "e" is disappearing between function calls. You would have to lock "e" or put it into a local var to fully fix this. The same race can happen in ast_get_extension_app_data. /b

By: Tilghman Lesher (tilghman) 2007-04-26 12:20:49
Please upload a 'bt full' into the file upload area.

By: Brian West (bkw918) 2007-04-26 12:27:30
I no longer have them. I have since removed the patch that introduced this issue and am using app_macro from 1.2.16. If I have time tonight I'll try to reproduce this issue again. It takes about 24 hours to reproduce it and I suspect it's related to reloading while this is processing and "e" just going away. /b

By: Tilghman Lesher (tilghman) 2007-04-26 12:59:06
Please test with this patch, then.

By: callguy (callguy) 2007-04-27 04:11:30
We hit this issue 4 times yesterday after upgrading to 1.2.18. We've installed the patch and will see how we fare today.

By: Tilghman Lesher (tilghman) 2007-04-27 08:06:35
Thought it over overnight, and I think it's probable that we're holding onto e a little long. There's still a possible race, but it's much, much shorter with this second patch.

By: callguy (callguy) 2007-04-27 09:19:42
Tried the newer patch but it fails. Reject file uploaded.

By: callguy (callguy) 2007-04-27 09:20:52
Disregard my last post - I'm losing my mind. Forgot to revert to unpatched app_macro.c before applying the new patch.

By: callguy (callguy) 2007-04-27 16:07:57
Ok, had the first patch running today, and we did experience one crash this afternoon. We'll be installing the newer one tonight and will get a better sense on Monday if that resolves it.

By: callguy (callguy) 2007-05-01 11:04:12
We just experienced a crash with the 4/27 patch. It does seem to be much improved (we made it a day and a half without issue), but not completely resolved.

By: callguy (callguy) 2007-05-01 11:15:31
Here's the BT from the most recent:
(gdb) bt
#0 0x00abe359 in strcasecmp () from /lib/tls/libc.so.6
#1 0xb799944e in macro_exec (chan=0xb76213e0, data=0xb56fd0a0) at app_macro.c:311
#2 0x080918ed in pbx_extension_helper (c=0xb76213e0, con=Variable "con" is not available.
) at pbx.c:574
#3 0x08092bb6 in __ast_pbx_run (c=0xb76213e0) at pbx.c:2250
#4 0x0809474c in pbx_thread (data=0x0) at pbx.c:2537
#5 0x00c03341 in start_thread () from /lib/tls/libpthread.so.0
#6 0x00b1b6fe in clone () from /lib/tls/libc.so.6
(gdb) bt full
#0 0x00abe359 in strcasecmp () from /lib/tls/libc.so.6
No symbol table info available.
#1 0xb799944e in macro_exec (chan=0xb76213e0, data=0xb56fd0a0) at app_macro.c:311
    tmp = 0xb56f8240 "join-meetme"
    cur = 0x0
    rest = 0x0
    macro = 0xb56f8240 "join-meetme"
    fullmacro = "macro-join-meetme\000le\000\000\000\000?23b??23b??017\b\000\000\000\200\000\000\000\000\000\000\000\000?\b\200~o?\000\000\000\000pno???\b?\027b??23b?pno?"
    varname = "ARG2", '\0' <repeats 75 times>
    oldargs = {0x0 <repeats 81 times>}
    argc = 3
    x = 0
    res = 0
    oldexten = "6173990701", '\0' <repeats 245 times>
    oldpriority = 4
    gosub_level = 0
    pc = "4", '\0' <repeats 78 times>
    depthc = "1\000\000\000\000\000\000\000\000\000\000"
    oldcontext = "pstn-in", '\0' <repeats 72 times>
    offsets = 0x0
    s = 0x0
    inhangupc = 0x0
    offset = 0
    depth = 0
    maxdepth = 7
    setmacrocontext = 1
    autoloopflag = 512
    dead = 0
    inhangup = 0
    save_macro_exten = 0x0
    save_macro_context = 0x0
    save_macro_priority = 0x0
    save_macro_offset = 0x0
    u = (struct localuser *) 0x94d9230
    c = (struct ast_context *) 0x8fc3a60
    e = (struct ast_exten *) 0x8c84c90
    __PRETTY_FUNCTION__ = "macro_exec"
#2 0x080918ed in pbx_extension_helper (c=0xb76213e0, con=Variable "con" is not available.
) at pbx.c:574
    e = (struct ast_exten *) 0x8acf2e0
    sw = Variable "sw" is not available.

By: Brian West (bkw918) 2007-05-04 12:06:04
I wasn't using GOSUB when I encountered this crash... so its SO isn't related to GOSUB, it's related to e going bye bye :P /b

By: Tilghman Lesher (tilghman) 2007-05-04 12:36:57
callguy: new patch for you to test.

By: callguy (callguy) 2007-05-08 16:08:06
Corydon76- We've made it through a couple of days on very heavily utilized servers without incident. I think you can commit the 5/04 patch.

By: Tilghman Lesher (tilghman) 2007-05-08 17:40:14
Committed in revision 63477, merged in 63478, 63479.